Issue 649: Problems related to "locally constrained" of Credentials (1) (sec-rev) Source: (, ) Nature: Uncategorized Severity: Summary: Summary: In interface SecurityAdmin::AccessPolicy, operation get_effective_rights which passes in an argument of type CredentialsList Resolution: resolved, close issue Revised Text: Actions taken: August 1, 1997: received issue March 26, 1998: closed issue Discussion: End of Annotations:===== Return-Path: Sender: jis@fpk.hp.com Date: Fri, 01 Aug 1997 20:08:22 -0400 From: Jishnu Mukerji Organization: Hewlett-Packard New Jersey Laboratories To: sec-rev@omg.org Subject: Interesting problem to think about As a followup to this long draawn out discussion that has been going on about "locally constrained" objects, I decided to screen through the Security spec with a fine-toothed comb to see what kind of problems are lurking in there. My analysis so far shows that there are problems related to "local constrainedness" of Credentials in two places. They are: (1) In interface SecurityAdmin::AccessPolicy, operation get_effective_rights which passes an in argument of type CredentialsList. In both of these cases the intent is to pass the contents of a bunch of Credentials in a tamper-proof way to the target objects. These are cases where ideally a secure pass by value would be what one is looking for. Unfortunately, since that is not available, we will have to come up with something that actually works in a secure manner. This is a legitimate issue that needs to be addressed. Juergen, please add this to the list of issues. Thanks to Ken for asking all those questions about "locality constraint" and to all of you for your patience while we painfully figure all this out. Regards, Jishnu. --- Jishnu Mukerji Email: jis@fpk.hp.com Hewlett-Packard New Jersey Labs Tel: +1 973 443 7528 MS D283, 180 Park Avenue, Bldg 103, Fax: +1 973 443 7602 Florham Park NJ 07932-9998, USA.